MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9fa1c513254f36622c1481d2f64252e70e6edeca9e4206dfb9711bab9a10f875. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Mirai


Vendor detections: 7



SHA256 hash: 9fa1c513254f36622c1481d2f64252e70e6edeca9e4206dfb9711bab9a10f875
SHA3-384 hash: d507eedec45f23b37286296a9810e714eed6af35018917ad81e7cbc0ae090c06c8530dc52e85de13a95ea7940290c478
SHA1 hash: fe918c78b88b339106ef582afa21735fc8080ce5
MD5 hash: 4cb013ca44aae16dc39a877523f65269
humanhash: summer-jig-kilo-magazine
File name: w2.sh
Signature: Mirai
File size: 1'140 bytes
First seen: 2025-09-30 05:32:57 UTC
Last seen: Never
File type: sh
MIME type: text/plain
ssdeep: 12:6+E+paG+JNIQy+SvK5+V50FD+vE1C+nc+T+uk+5k+0+tLUn:aNI5Ke50FxRtPUn
TLSH: T181213EF90019A12D18006F1170D548292CBBFBE651229EF9547FE433A2DBDB0BB22E38
Magika: txt
Reporter: abuse_ch
Tags: sh

Intelligence


File Origin
# of uploads: 1
# of downloads: 43
Origin country: DE

Vendor Threat Intelligence
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: busybox
Verdict: Malicious
File Type: text
First seen: 2025-09-30T03:25:00Z UTC
Last seen: 2025-09-30T03:25:00Z UTC
Hits: ~10
Detections: HEUR:Trojan-Downloader.Shell.Agent.cl
Status: terminated
Verdict: Malicious
Threat: Trojan-Downloader.Shell.Agent
Threat name: Linux.Trojan.Egairtigado
Status: Malicious
First seen: 2025-09-30 05:34:22 UTC
File Type: Text (Shell)
AV detection: 21 of 37 (56.76%)
Threat level: 5/5
Result
Malware family: n/a
Score: 3/10
Tags: n/a
Behaviour
Modifies registry class
Suspicious use of SetWindowsHookEx
Enumerates physical storage devices
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
